Submit a file for malware analysis

Microsoft security researchers analyze suspicious files to determine if they are threats, unwanted applications, or normal files.
Submit files you think are malware or files that you believe have been incorrectly classified as malware.
For more information, read the
submission guidelines.

You are signed in with a account, however you have chosen to submit as a .
Choose a different option or sign in with a account

Submit file as a

HINT
Home customers can submit files anonymously. To track submissions, you will need to sign in with a personal account.

Windows Defender Response Portal

This portal is for internal use by Microsoft employees to report detection concerns to Windows Defender Research

Submit a file internally

Submit files so our analysts can check them for malicious characteristics. Provide the specific files that need to be analyzed and as much background information as possible.

Email addressesSpecify the email addresses of users with permission to open the submission details page; separate each address with a semicolon (;)

Specify the company name

Company Name *

Was this file found in the Microsoft corporate network?

NoYes

Affected organization

Specify a valid customer email address

Customer contact (recommended)Note: The customer will receive email about this submission, including the confirmation message and the analysis result.

Select the number of affected devices

Number of affected devices *

1 - 100

101 - 1,000

1,001 - 10,000

10,000+

Specify a valid Software Assurance ID

SAID validated. Make high priority submissions only when dealing with active malware or incorrect detections that require immediate attention

Invalid SAID. The specified SAID could not be validated. All submissions are given regular priority

Problems validating SAID. Could not connect to the validation service. Please try again later

Software Assurance ID

Provide the Software Assurance ID (SAID) tied to your Microsoft security productNOTE: If you don't have an SAID, your submissions will be given regular priority. For high priority submissions, contact Premier Support.

Submission priority

Regular — submission will be added to our queueHigh — submission will be given immediate attention; use only during emergencies to address active malware or incorrect detections

Use this option only during emergencies to address active malware

Specify submission priority

Low — may never be processed by an analyst; use for bulk submissions or to check latest detectionsMedium — for analyst review within a few daysHigh — receives immediate attention; analyst will be paged and will respond within two hours

Select the file to submit

The selected file is too large ()

The selected file is empty

Select the file *

Choose the file you want to submit

Maximum file size is 50 MB. Use the password "infected" to encrypt ZIP or RAR archives.

NOTE: Submit only the specific files you want analyzed. Submitting an installer package or an archive with a large number of files may delay the analysis and cause your submission to be deprioritized.

Should this file be removed from our database at a certain date?

No — remove the file automatically after a period of inactivityYes — remove the file on:

Select a date between 30 days and 5 years from now

NOTE: Files submitted by multiple users are retained until all retention periods have elapsed.

Do you believe this file contains malware?

YesI am submitting a large number of files for bulk processing and trackingNo — this file has been incorrectly detected

Select a Microsoft security product

Select the Microsoft security product used to scan the file *

System Center Endpoint Protection

Windows Intune

Microsoft DaRT

Microsoft Forefront Client Security

Microsoft Forefront Endpoint Protection 2010

Microsoft Forefront Protection for SharePoint

Microsoft Forefront Server Security

Office 365 and Exchange Online Protection

System Center 2012 Endpoint Protection

Windows Server Antimalware

Other

Windows Defender Antivirus (Windows 10)

Microsoft Security Essentials

Windows Defender (Windows 8)

Windows Defender (Windows 7, Windows Vista, or Windows XP)

Other

System Center Endpoint Protection

Windows Defender Antivirus (Windows 10)

Windows Intune

Microsoft DaRT

Microsoft Forefront Client Security

Microsoft Forefront Endpoint Protection 2010

Microsoft Forefront Protection for SharePoint

Microsoft Forefront Server Security

Microsoft Security Essentials

Office 365 and Exchange Online Protection

System Center 2012 Endpoint Protection

Windows Defender (Windows 8)

Windows Defender (Windows 7, Windows Vista, or Windows XP)

Windows Server Antimalware

Other

System Center Endpoint Protection

Windows Defender Antivirus (Windows 10)

Windows Defender ATP

Windows Intune

Microsoft DaRT

Microsoft Forefront Client Security

Microsoft Forefront Endpoint Protection 2010

Microsoft Forefront Protection for SharePoint

Microsoft Forefront Server Security

Microsoft Security Essentials

Office 365 and Exchange Online Protection

System Center 2012 Endpoint Protection

Windows Defender (Windows 8)

Windows Defender (Windows 7, Windows Vista, or Windows XP)

Windows Server Antimalware

Other

Specify a detection name

Detection name *Learn how to see the list of detected threats on Windows Defender Antivirus.

Definition version (recommended)Learn how to check the definition version on Windows Defender Antivirus.

Specify additional information

Additional information *

0/1900To help our analysts process your submission faster, please provide additional information in English. Include any information you may have about the file, including where you have obtained it, business impact, and platform and other details of affected clients.